>But remember that the TIS version uses the password file for login
>privileges to ftpd. Marcus says that he doesn't do a second chroot,
>but I'm not convinced that that's wise -- let your non-anonymous
>ftp administrators have access to a functional passwd file, if
>they wish, but give anonymous users *nothing*.

It's my fault for being unclear. The version we
run (and which is with the firewall toolkit) uses our authentication
server for authentication, and the password file entry serves only
to make the output from "ls" look nice and to let ftpd know if it
is someone it wants to accept as a user. So the password file
is really just a placeholder and way of mapping uids to names.

If you're using passwords, you're just asking for
trouble, anyhow, whether they're in your FTP area or anyplace else
on your system (except for hidden keys in your challenge-response
system's database, that is) :).
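
The placeholder role of the password file described above can be checked mechanically. The following Python check is an added example, not part of the original message or of the firewall toolkit: it flags entries in an FTP-area passwd file that carry more than a uid-to-name mapping. The function name, the set of accepted placeholder strings and the sample entries are assumptions.

```python
# Added example: audit a passwd file that should only map uids to names.
# PLACEHOLDERS and SAMPLE are assumptions, not taken from the original message.

# Password-field values treated as "no usable password stored here".
PLACEHOLDERS = {"*", "x", "!", "!!", "*LK*", "NP"}

def audit_passwd(text):
    """Return (line_no, login, problem) for entries that are more than placeholders."""
    findings = []
    seen_uids = {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((line_no, fields[0], "malformed entry"))
            continue
        login, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            # An empty field means the account needs no password at all.
            findings.append((line_no, login, "empty password field"))
        elif pw not in PLACEHOLDERS:
            findings.append((line_no, login, "password hash present"))
        if not uid.isdigit():
            findings.append((line_no, login, "non-numeric uid"))
        elif uid in seen_uids:
            # Two names on one uid make the "ls" owner column ambiguous.
            findings.append((line_no, login,
                             f"uid {uid} already mapped to {seen_uids[uid]}"))
        else:
            seen_uids[uid] = login
    return findings

# Constructed sample input; the hash-like string is made up.
SAMPLE = """\
root:*:0:0:root:/:/bin/false
ftp:*:14:50:FTP:/:/bin/false
alice:ab8Xk2pQz1LmE:1001:100:Alice:/home/alice:/bin/sh
bob::1002:100:Bob:/home/bob:/bin/sh
carol:x:1001:100:Carol:/home/carol:/bin/false
"""

if __name__ == "__main__":
    for line_no, login, problem in audit_passwd(SAMPLE):
        print(f"line {line_no}: {login}: {problem}")
```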